European companies are concerned about the ban on VPN in Russia

On June 23 of this year, the State Duma adopted in its first reading a draft federal law “On Amendments to the Federal Law“ On Information, Information Technologies and Information Protection ”” ( pdf ), and on July 30, this document was signed by Russian President Vladimir Putin. Then, in July, it became known that the implementation of the law will be monitored by the FSB and the Interior Ministry.

It is clear that a huge number of users in the country are not too happy with the prospect of blocking anonymizers and VPN. But, as it turned out, they are not very happy about this outside of Russia. For example, the Association of European Businesses (AEB), which includes Air France, Citibank, Volvo Cars, Deutsche Bank, Nokia and several hundreds of European companies, expressed its concern about the amendments to the law "On Information and Information Technologies and protection of information ", - writes RBC.

Letter of Expression of Concern by Members of the Association AEB Director General
Frank Schauff sent the Minister of Communications Nikolai Nikiforov and the head of Roskomnadzor Alexander Zharov.
')
This letter, in particular, states the following: “Anonymizers use such technologies as private virtual networks (VPN), proxy servers, etc. However, these technologies are also used by the overwhelming majority of international companies in Russia as one of the information security measures (for protection of data transmission channels) in the conduct of business. Consequently, the law, in case of its extended interpretation, may be applicable to intra-corporate IT systems and processes operating on the basis of VPN technologies and proxy servers and used solely for internal production purposes, not involving, in particular, obtaining information that is restricted to the territory. Russia. "

It is worth noting that the new edition of the Law “On Information” received a reservation, which nevertheless opens up the possibility of working with a VPN to a certain circle of people. Thus, the law states that "the range of users of such software and hardware by their owners is predetermined and the use of such software and hardware is carried out for the technological purposes of ensuring the activities of the person carrying out their use." This formulation is not very clear, especially for representatives of foreign business. That is why AEB asks Roskomnadzor to clarify the situation. Europeans do not yet understand whether they can continue to work with a VPN in Russia for their own needs, for example, to work with partners or contractors, or in this case it is necessary to notify the regulators in Russia about all this.

“As far as I know, there has not yet been a reply with explanations from Roskomnadzor and the Ministry of Communications and Mass Media. In such a situation, we always advise European companies to try to fulfill the requirements of local legislation, ”said Edgars Puzo, Chairman of the AEB IT and Telecommunications Committee.

Actually, even among the representatives of Russian business there is no clear understanding of whether it is possible to work with a VPN to solve these or other business issues. For example, Internet obmundser Dmitry Marinichev argues that the clause contained in the law, removes the VPN from the action of the law itself.

Leonid Evdokimov, a developer from the Tor Project, agrees with Marinichev. He believes that it is simply impossible to distinguish a corporate VPN for employees of any company from an open service, which is used to bypass blocking.

“Therefore, a VPN registry that does not comply with this law will always be one step behind the existing infrastructure. Of course, another development is possible: blocking all VPN-like protocols and introducing a list of “good”, but it seems that such an asymmetrical answer has not yet been discussed. And blacklists are practically useless, ”said Evdokimov.

In this case, according to Evdokimov, there is another technical problem. The fact is that it is very difficult, if not impossible, to distinguish Russian users from those who came "outside."

Roskomsvobod lawyer Sarkis Darbinyan argues that if a VPN can be used for corporate needs, employees of companies that have access to a VPN will use such services for personal purposes. Plus, Darbinyan believes that the FSB and Roskomnadzor will simply not be able to track some cases of using a VPN: “There are tools like OpenVPN that allow the user to deploy their VPN, and Roskomnadzor will not be able to track it, as most telecom operators do not yet have the appropriate equipment ".